Hi,
Has anyone had experience blocking a DoS attack and tracing back the source IP?
It seems our PC is infected by some kind of malware. The FortiGate traffic history widget shows us burst traffic coming from our LAN to WAN1 and WAN2. The traffic bursts to 10 Gbps in a short time, randomly. (Please see the attached screenshot.)
I’m trying to block this traffic using the FortiGate.
I'm aware of the FortiGate's AppControl, AV, and DoS capabilities.
AppControl => I'm blocking Bot and proxy category.
AV => I'm blocking connection to Botnet and C&C server.
DoS => I'm blocking UDP and TCP flood. Both thresholds are 500.
With all those settings, the problem still occurs.
I'm not sure what kind of malware has infected my network.
I would really appreciate it if someone would share their experience and help me out with this issue.
Thanks
Regards//tato